24 matches found
CVE-2026-41883
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...
CVE-2026-41883
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...
CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...
CVE-2026-41883
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...
CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...
CVE-2026-41883
OmniFaces is affected by a server-side EL injection in CDNResourceHandler when using a wildcard CDN mapping (for example libraryName:=https://cdn.example.com/ ). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side, leading ...
omnifaces 安全漏洞
OmniFaces is an open-source JSF utility library developed by OmniFaces. There are security vulnerabilities in versions prior to 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3. These vulnerabilities stem from server-side EL injection, which may lead to remote code execution...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22018 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22018 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22013 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22013 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)
org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...
com.flowlogix.depchain:shiro-jakarta (>=18 <=100), com.flowlogix:jee-examples (>=6.0 <=9.0.3) +23 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=4.0-M16 <=4.7.3)
org.omnifaces:omnifaces MAVEN version =4.0-M16, =18, =6.0, =1.6.0, =1.0, =4.1.0, =4.6.5 and more Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...
com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +25 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)
org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.4 and more Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...
com.flowlogix.depchain:shiro-jakarta (>=18 <=100), com.flowlogix:jee-examples (>=6.0 <=9.0.3) +23 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=4.0-M16 <=4.7.3)
org.omnifaces:omnifaces MAVEN version =4.0-M16, =18, =6.0, =1.6.0, =1.0, =4.1.0, =4.6.5 and more Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...
co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)
org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...
co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)
org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...
com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)
org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...
com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)
org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...
com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)
org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...
GHSA-VP6R-9M58-5XV8 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
Impact Server-side EL injection leading to Remote Code Execution RCE. Affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...
com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +25 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)
org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.4 and more Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...